Nissan Shuts Down Leaf Mobile App Following Security Hack

Flaw gave hackers access to other Leaf EVs.

Earlier this week, Nissan deactivated the NissanConnect EV app for its Leaf electric car. The automaker made the move after a computer researcher exposed a security issue that allowed hackers to view information and control features on others' Nissan Leaf EVs.

Researcher Troy Hunt reportedly discovered the flaw last month before publishing his findings on his blog Wednesday. According to Hunt, a flaw allows hackers to use the app to control the Leaf's climate control system simply by obtaining the vehicle's Vehicle Identification Number (VIN). The security flaw also provides access to the vehicle battery's state of charge.

Hunt emphasizes that the flaw doesn't affect other vehicle systems or how the vehicle drives. Still, he is critical of Nissan for allowing this breach to happen in the first place and its slow response to the issue. Hunt claims he informed Nissan on January 23, well over a month before Nissan finally deactivated the mobile app on February 25.

"I would have preferred the see faster action from Nissan," Hunt wrote on his blog. "In my view, this is the sort of flaw that needs to have the service pulled until it can be fixed properly and restored."

We reached out to Nissan and received an emailed statement. "The NissanConnect EV app (formerly called CarWings and is used for the Nissan Leaf and eNV200) is currently unavailable," Nissan said in the statement. "We apologize for the disappointment caused to our Nissan Leaf and eNV200 customers who have enjoyed the benefits of our mobile apps. However, the quality and seamless operation of our products is paramount. We're looking forward to launching updated versions of our apps very soon."

A Nissan spokesperson said the automaker doesn't have an exact date on when the updated app will launch.

While this hack isn't as dramatic as the one that took full control of a Jeep Cherokee, it should serve as a cautionary tale for all automakers who are rolling out more app-based features. Volvo, for example, announced it will offer smartphone app keys by 2017, while a number of automakers already allow owners to control a number of vehicle functions via a personal mobile device.